Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Baserow

v1.0.0

Work with Baserow tables/rows over the REST API for reads, inserts, and updates. Use when user asks to view or modify Baserow CRM/pipeline data.

by Eric Bone (@ericjbone)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill name/description (Baserow REST access) aligns with the runtime instructions which call a Baserow API. However the registry metadata claims no required environment variables while the SKILL.md clearly requires BASEROW_BASE_URL and BASEROW_TOKEN. The SKILL.md also hardcodes a default instance (https://baserow.ericbone.me) and maps specific table IDs for a Renpho CRM — that makes this skill specific to a single deployment rather than a general Baserow integration. These discrepancies are unexpected and should be clarified.
Instruction Scope
Instructions are explicit about how to read/write rows (python urllib for GET, curl for PATCH/POST) and reference the local secrets file ~/.openclaw/.env. Reading that file and sourcing it is required to operate, which is within scope for this integration. The SKILL.md also instructs agents to write/validate the .env (and to use shell export/grep/xargs), which grants the agent the ability to create or read a plaintext token file — reasonable for operation but sensitive and should be constrained and audited.
Install Mechanism
This is an instruction-only skill with no install steps or additional packages, and it relies only on python3 and standard shell tools. No downloads or archives are performed, so install-risk is low.
Credentials
The SKILL.md requires BASEROW_TOKEN and BASEROW_BASE_URL (a personal API token and base URL), but the registry metadata did not list any required env vars or a primary credential. Worse, the README contains a literal token-like example value ('mOsuizlNhy...'), which could be an exposed credential. Requesting a Baserow token is reasonable for this purpose, but (a) the missing declaration in registry metadata is an inconsistency, and (b) the presence of a sample token in the skill doc is a high-risk disclosure that must be verified and rotated if real.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request system-wide configuration changes or persistent installation. However, because the skill requires a token, if the agent is allowed to invoke the skill autonomously it could act on that token — this is normal but worth noting as an operational risk if the token has broad privileges.
What to consider before installing
Do not install blindly. Ask the publisher to explain the registry/README mismatch (the registry says no env vars, the SKILL.md requires BASEROW_BASE_URL and BASEROW_TOKEN). Confirm whether the token string included in the SKILL.md is a real credential; if it is, rotate it immediately and do not use this skill until the token is revoked. Prefer creating a least-privilege API token scoped only to the tables/operations the agent needs. If you proceed, store the token securely (avoid long-lived plaintext if possible), verify the base URL is the intended host, and test with a disposable token first. If you lack confidence in the publisher, treat this skill as untrusted and do not give it access to production tokens.

Like a lobster shell, security has layers — review code before you run it.

latestvk971yezdg74fp6sqt2sapnqv59823qj9


Runtime requirements

Bins: python3
Environment variables:
BASEROW_BASE_URL (required)
BASEROW_TOKEN (required)
